Quiz 3 review

1 All homework questions

Question 1

What kinds of bugs can be turned into security vulnerabilities?

  1. Fatal errors, where the program freezes or crashes.
  2. Logic errors, where a function runs but computes a slightly wrong result.
  3. Missing features not present in the program at all.

Question 2

Which of the following is a difference between a vulnerability and an exploit?

  1. A vulnerability is a specific type of exploit.
  2. An exploit is a specific type of vulnerability.
  3. Code has exploits that attackers use to create vulnerabilities.
  4. Code has vulnerabilities that attackers use to create exploits.
  5. They are synonyms.

Question 3

What’s the best security advice regarding updating software like operating systems and applications you use?

  1. Don’t update: updates used to reduce the security of old software to encourage people to buy newer devices and applications.
  2. Update after a delay: updates are sometimes buggy and waiting avoids getting a bad update.
  3. Update right away: delaying updates can open your computer to cyber attacks.

Question 4

Which of the following is the most secure way to manage your passwords?

  1. Come up with one long and unguessable password I can’t forget and use it everywhere.
  2. Have two passwords: one for important sites and another for unimportant sites.
  3. Just remember one password, the one for your email, and use forgot your password options for everything else.
  4. Use a password manager (either an app or a piece of paper) to keep track of a different password for each site.

Question 5

Could installing a browser extension be a security risk?

  1. Maybe, some extensions are malicious and create holes in the browser’s sandbox.
  2. No, extensions are contained by the browser’s sandbox and are as safe as the browser itself is.
  3. Yes, even well intentioned extensions weaken the browser’s sandbox.

Question 6

Signatures use public keys to authenticate websites. How do we know if the public key is authentic instead of being created by an attacker?

  1. Each computer comes with the public keys for all the major websites; we trust the computer manufacturers to give us the right keys.
  2. Each website gives us a certificate telling us its public key, signed by someone else we already know.
  3. If the public key can decrypt the signature, it is authentic.
  4. The first time we visit a website it tells us its key; we remember that for all future visits.

Question 7

Digital certificates have expiration dates. Why?

  1. To keep up with Moore’s law, which makes what used to be too hard to do become doable as new hardware comes along.
  2. To keep us buying new certificates.
  3. To ensure time-consuming attacks on certificates don’t complete their work until after the certificate has expired.
  4. To protect against the possibility that quantum computers might break older certificate technology.

Question 8

The Diffie-Hellman key exchange is used to create

  1. Blockchains
  2. Digital certificates
  3. Hashes
  4. Keys for symmetric encryption
  5. Public and private keys for making signatures
  6. Signatures

Question 9

What is the difference between authentication and authorization?

  1. Authentication ensures a message hasn’t been altered, authorization ensures only intended recipients receive the message.
  2. Authentication ensures only intended recipients receive the message, authorization ensures a message hasn’t been altered.
  3. Authentication tells me what you are allowed to do, authorization tells me who you are.
  4. Authentication tells me who you are, authorization tells me what you are allowed to do.

Question 10

Which of the following best describes the principle of least privilege?

  1. Granular rights systems, where each user has only those they absolutely need, are more secure.
  2. Simpler systems with fewer roles and sets of rights are more secure.
  3. The less you have to think about your rights, the more usable the system is.
  4. The usability of a system is dominated by the least-privileged user’s experience.

Question 11

Which cryptography tools are used by common blockchains such as Bitcoin and Ethereum?

  1. Hashes, used to ensure old transactions are never lost.
  2. Key exchange, used to ensure blockchain users agree on the keys used.
  3. Signatures, used to ensure only coin owners can give them away.
  4. Symmetric ciphers, used to keep others from eavesdropping on private transactions.

Question 12

Suppose a million users are on a blockchain and the blockchain contains 100 GB of data. How much of that data is stored by the average blockchain user?

  1. 100 GB
  2. 100 GB / 1 million = 100 KB
  3. 100 GB / sqrt(1 million) = 100 MB
  4. A fixed, constant amount; only a few users have data that scales with blockchain size

Question 13

IP (Internet Protocol) is used to route messages between computers. Which of the following are true of IP?

  1. It connects computers with the help of other intermediate computers.
  2. It identifies computers by their URL hostname (for example, illinois.edu).
  3. It reliably delivers messages if possible, or gives an error message if not possible.

Question 14

What best describes the security of IP traffic?

  1. Both who you are communicating with and what you are saying to them can be encrypted if you both agree to do so.
  2. Both who you are communicating with and what you are saying to them is always encrypted.
  3. Neither who you are communicating with nor what you are saying to them can be encrypted.
  4. Who you are communicating with cannot be encrypted, but what you are saying to them can be encrypted if you both agree to do so.
  5. Who you are communicating with cannot be encrypted, but what you are saying to them is always encrypted.

Question 15

Which best describes the computer you are using to access this homework right now?

  1. It is not part of the internet, but it is on the internet by being connected to a computer that is.
  2. It is part of the internet, but because it’s only attached to one other computer no messages are routed through it.
  3. It is part of the internet, participating in routing messages between other computers.

Question 16

DNS is primarily used to

  1. Add security (authentication, integrity, and/or confidentiality) to internet communication.
  2. Connect two computers with the help of other intermediate computers.
  3. Convert URLs to IP addresses.
  4. Deal with connection failures.

Question 17

Suppose I want to have the URL https://info102.illinois.edu be created and used for this course’s webpage. Who should I ask to do that?

  1. EDUCAUSE, the nonprofit association that controls .edu URLs.
  2. I ask the University; if they agree they then ask EDUCAUSE.
  3. I ask the University; if they agree they then ask IANA.
  4. IANA, the international agency that controls IP addresses.
  5. The University of Illinois Urbana-Champaign, the organization that owns the illinois.edu site.

Question 18

Which of the following could a hacker do if they owned a computer that helps route internet traffic?

This is one of two related questions that differ in what level of Internet access the attacker has.

  1. Look for and exploit vulnerabilities in other computers.
  2. Prevent access to certain websites by failing to deliver those requests.
  3. Read the contents of email between different email clients.
  4. Read the passwords users type into webpages.

Question 19

Which of the following could a hacker do if they connect through an internet service provider?

This is one of two related questions that differ in what level of Internet access the attacker has.

  1. Look for and exploit vulnerabilities in other computers.
  2. Prevent access to certain websites by failing to deliver those requests.
  3. Read the contents of email between different email clients.
  4. Read the passwords users type into webpages.

Question 20

TCP adds reliability on top of unreliable communication by using the digital equivalent of which two of the following human communication patterns?

  1. Adding page numbers to a stack of printed pages to help put them in order if they are dropped.
  2. Asking others to repeat themselves if what they said was hard to hear or nonsensical.
  3. Repeating yourself if the person you are talking to doesn’t respond.
  4. Saying the same thing in multiple ways to ensure it is understood.
  5. Using abbreviations like “it” to avoid repeating previously-stated items.

Question 21

When a program lives in the cloud or is cloud native, that means

  1. It’s still an idea, not yet realized as a concrete application.
  2. Its owners rent time on computers to run it instead of running it themselves.
  3. Its webpage doesn’t have a static URL or IP address.
  4. Users access it through the Internet.

Question 22

It is common for 1 hour of compute time using serverless computing to cost as much as 10 hours of compute time and wear-and-tear on servers you own yourself. Why is serverless computing still attractive?

  1. Many apps are used only sporadically; serverless models avoid paying for down time.
  2. Serverless computing can do more in 1 hour than commodity servers could do in 10 hours.
  3. Servers are bad for the environment; it’s worth paying extra to run without a server.
  4. Servers only work for online programs; programs that run locally need to be run in a serverless way.

Question 23

Which of the following is the primary reason why computer chip creation machines use a computer?

  1. Computers can be cheaper than building customized analog hardware.
  2. Computers can communicate over the Internet or with wireless signals.
  3. Computers can be configured to handle many different tasks with one device.
  4. Computers can integrate multiple sensors to implement more involved decisions.
  5. Computers can solve math that is hard to build as an analog device.

Question 24

Which of the following is the primary reason why modern car tires use a computer?

  1. Computers can be cheaper than building customized analog hardware.
  2. Computers can communicate over the Internet or with wireless signals.
  3. Computers can be configured to handle many different tasks with one device.
  4. Computers can integrate multiple sensors to implement more involved decisions.
  5. Computers can solve math that is hard to build as an analog device.

Question 25

Which of the following is the primary reason why microwave ovens use a computer?

  1. Computers can be cheaper than building customized analog hardware.
  2. Computers can communicate over the Internet or with wireless signals.
  3. Computers can be configured to handle many different tasks with one device.
  4. Computers can integrate multiple sensors to implement more involved decisions.
  5. Computers can solve math that is hard to build as an analog device.

Question 26

If my device uses an ASIC, which of the four defining properties of what we usually mean by computer does it have?

  1. Computer
  2. Digital
  3. General-purpose
  4. Programmable

Question 27

Which two of the following are generally implied by describing a household device as smart?

  1. Contains multiple actuators
  2. Contains multiple sensors
  3. Has a screen
  4. Has buttons or keys for direct input
  5. Is connected to the Internet
  6. Powers itself off when not in use
  7. Rechargeable
  8. Uses AI

Question 28

If you have a smart thermostat or other smart household appliance, it probably

  1. has been hacked, and will be used to harm you at some point in the future.
  2. has been hacked, but cybercriminals are using it to harm others not you.
  3. is safe from cybercriminals because it has few functions to be hacked.
  4. is safe from cybercriminals because it isn’t worth a hacker taking it over.

Question 29

The first Roomba from iRobot is often cited as the first commercially-viable household robot. Its success was in part due to

  1. Advanced sensors that helped it correctly tell furniture, walls, and feet apart.
  2. Advanced vision algorithms that helped it create a 3D map of the rooms it was cleaning.
  3. Planned motion that systematically cleaned everywhere efficiently.
  4. Randomized motion that cleaned everywhere eventually.

Question 30

Given what we shared about self-driving cars, which of the following seems likely to be the hardest for them to do?

  1. Avoid obstacles in the road
  2. Detour around road closures
  3. Drive in snow, rain, and other slippery conditions
  4. Follow directions of officers directing traffic by hand
  5. Navigate through narrow gaps and into tight spaces
  6. Parallel park
  7. Read road signs, traffic lights, and the like

2 All Lab Questions

Question 31

Define Authentication

Question 32

Define Confidentiality

Question 33

Define Integrity

Question 34

Define Authorization

Question 35

Define the principle of least privilege

Question 36

Why is it less secure to install a browser extension that changes how the window border looks than it is to visit a webpage that is running complicated code that you don’t understand or trust?

Question 37

What are the two most important tips for using computers safely?

Question 38

What is the primary purpose of IP?

Question 39

What is the primary purpose of DNS?

Question 40

What is the primary purpose of TCP?

Question 41

Your computer is online, but it is not part of the Internet. Which of the following operations can it do?

Question 42

Recently U of I announced (https://massmail.illinois.edu/massmail/1486908145.html) a plan to find a cloud‑based platform to handle student registration. What does cloud-based mean?

Question 43

A robot was defined in lecture as having three components and in lab as what those three components do. Give either list here.